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(SI) Abstract 

An issuer offers any type of service se- 
cured with a secret cryptographic key assigned 
to an applicant according to the present inven- 
tion, which includes a secret key registration 
process. Usually, the secret key will be loaded 
on a portable memory device or other secret 
key store of the applicant. As preliminary steps, 
the issuer sets up its public key for the Proba- 
bilistic Encryption Key Exchange (PEKE) cryp- 
tosystem. and the applicant obtains a copy of a 
secret key registration software, a copy of the is- 
suer's public key. and an uninitialized portable 
memory device. Once initiated by the appli- 
cant, the registration software generates an in- 
ternal PEKE secret key. The applicant chooses 
a registration pass query and pass reply that the 
registration software MACs and encrypts with 
a key derived from the PEKE secret key. The 
registration software derives the key assigned 
to the applicant from the PEKE secret key. and 
loads it into the secret key store. A message is 
sent to the issuer data processing center where 
the cryptographic processing (PEKE, MAC. en- 
cryption) is reversed. Using an alternate chan- 
nel (e.g. telephone conversation) an issuer agent 
verilies the identity of the applicant: the agent 
asks the pass query, the applicant replies with 
the pass reply, and the issuer verifies the appli- 
cant's knowledge of some relevant personal data. The issuer agent can approve the applicant's registration in the issuer database. There 
is no need for the issuer to personalize either the software or the secret key store before delivery to the applicant, and there is a single 
personal contact between the applicant and the issuer agent 
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INITIAL SECRET KEY ESTABLISHMENT INCLUDING 
FACILITIES FOR VERIFICATION OF IDENTITY 

The present application clauns priority of US provisional patent 
5 application 60/046,047 filed May 9, 1997. 

Field of the Invention 

The present invention generally relates to cryptographic key management 
that is required for the implementation of secure diata conununications or 

10 transaction processing. More specifically, it addresses the need to establish, or 
renew (e.g. after security breach), the very first shared secret key between two 
parties (e.g. a client and a financial institution in an on-line banking service 
arrangement). This registration process encompasses human activities by the 
parties* agents for the verification of identity. The present invention facilitates 

15 these human activities by a novel and unique arrangement of automated 
operations, notably cryptograpliic transformations. The present invention also 
relates to the secure loading of cryptographic key material in hand held 
memories in tire form of smart cards, security tokens, and the like. Although the 
present invention uses public key cryptography primitives, it does not assist the 

20 establishment of a private/public key pair of the type used for digital signatures 
or public key encryption. The present invention does not deal with the derivation 
of a session key or a one-time password fi^om either a preset shared secret key, or 
a preset secret password. 

25 Background of the Invention 

For the deployment of electronic conmierce and on-line banking services, 
information security techniques are of paramount importance. As will be seen 
from the prior art cited hereafter, they are also important for the protection of 
computer networks and the authentication of subscribers of mobile telephone 

30 service. A general scheme emerges for the organization of such electronic 
authentication applications, despite the diversified vocabulary used in different 
application areas. There is first a central database imder the operational control 
of a service organization whose trustworthiness is commensurate with the issues 
at stake. Then, there are the potential cUents, individuals or organizations. The 

35 general function of a registration process is to make a given client known by the 
service organization in such a way that the subsequent routine processing" of 
transactions is automated and efficient. The clients have access to electronic 
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apparatus through which they conduct their ordinary activities. A registration 
process provides the client with secret authentication information. This secret 
can be a Personal Identification Number (PIN), a private key for a digital 
signature algorithm, or a secret cryptographic key shared between the client and 
5 the service organization. While a PIN can be remembered by a normal person, 
the two other forms of authentication secret require a digital memory of some 
sort. The present invention is mainly concerned with die registration process 
when a shared secret authentication key is used. 

Ultimately, transaction authentication is effective if it secures the legal 
10 bind between a bank accoimt withdrawal and the accoimt holder liability, while 
barring access to the funds by defirauders. Since the account holder is a legal 
person rather than a digital apparatus, the required chain of evidence is a two- 
tiered authentication bind: 1) the logical bind between the account holder (or the 
account holder agent) and a cryptographic operation performed by a digital 
15 apparatus, and 2) the bind between this said cryptographic operation and the 
transaction historic records of the fmancial institution. Within its scope of a 
registration process, the present invention addresses these two aspects of 
transaction authentication. 

The distinction between "secret key cryptography" and "public key 
20 cryptography" is well known in the prior art. In the present disclosure, we 
reserve the term "secret to data shared in confidence between parties in a secret 
key cryptography arrangement, and respectively the terms "private" and "public" 
to the private and public components of a private/public key pair of the type used 
for digital signatures or public key encryption fi-om the field of public key 
25 cryptography. 

The elementary cryptographic operation used in transaction authentication 
can be DES encryption of a secret Personal Identification Number (PIN) entered 
at a Point of Sale terminal (POS temunal), with cryptographic integrity 
protection applied to the whole transaction (typically with a Message 
30 Authentication Code based on DES and a secret key). In that case, a long-term 
secret key has to be established iiutially between the POS terminal and the data 
processing center responsible for transactions initiated from this POS terminal 
(normally under the control of the merchants financial institution). This long- 
term secret key is of the type that can be established with the present invention. 
35 US patent no. 4,771,461 discloses a procedure for this secret key establishment 
This prior art of US patent no. 4,771,461 suffers from a number of 
intrinsic limitations. First and foremost, tiiere is tlie following explicit security 
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weakness (colxunn 16 lines 1 to 6): "The general exposure of the procedure is 
that an opponent can always initiate a successful sign-on from his location with 
his terminal, provided that the real terminal never signs on before T2 and does 
not report this to the KDC [Key Distribution Center]. In that case, the fake 
5 terminal can continue to operate indefinitely." 

More generally, the procedure of US patent no. 4,771,461 appears 
outdated when one considers tlie level of sophistication reached by adversaries 
of actual cryptosystems. Sec for instance the article by Ross J. Anderson, 
Liability and Computer Security: Nine Principles (in Computer Security - 
10 Esorics *94, Third European Symposium on Research in Computer Security, 
November 1994, LNCS 875, Springer Verlag, PP 231-245), the article by Martin 
Abadi, and Roger Needham, Prudent Engineering Practice for Cryptographic 
Protocols (in 1994 IEEE Symposium on Research in Security and Privacy, IEEE, 
1994, PP 122-136), and the article by Ross J. Anderson, and Roger Needham, 
15 Robustness Principles for Public Key Protocols (in Advances in cryptology, 
CRYPTO*95, LNCS 963, Springer Verlag, 1995, PP 236-247). Nonetheless, US 
patent no. 4,771,461 has the merit of stressing the importance of data integrity 
protection for the initial establishment of cryptographic keys. 

There are also operational limitations in the procedure of US patent no. 
20 4,771,461. Despite the acknowledgment that courier services for secret key 
distribution are expensive and burdensome, it is not clear how courier services 
can be avoided altogether. They may be required because the POS terminals can 
be loaded with a terminal identifier and/or a public key at a central location. 
Courier services or another form of alternate secure channel may also be 
25 required for some instructions to a person because these instructions may contain 
sensitive information specific to each POS tenninal. Moreover, the explicit 
operational delays introduced by this prior art have a negative impact on the 
value of the procedures. 

The elementary cryptographic operation used in transaction authentication 
30 can also be a digital signature from the field of public key cryptography, in 
which case a representative description of the prior art may be foxmd in the 
Working Draft ANSI standard X9.30-199x Public Key Cryptography Using 
Irreversible Algorithms for the Financial Services Industry: Part 3: Certificate 
Management for DSA (by the Accredited Standards Committee X9-Financial 
35 Services, ANSI ASC X9, American Bankers Association, Washington, DC, 
November 19, 1994 document N24-94). Tlie present invention alleviates the 
traditional burden of secret key distribution, and tims suggests the avoidance of 



wo 98/52316 



PCT/CA98/00431 



the public key infrastructure described in the mentioned Working Draft ANSI 
standard X9.30-199x. Indeed, the financial industry has been operating on a 
centralized trust model for decades, and the adoption of public key paradigms 
may be expected to remain low. 
5 Turning now to the logical bind between the account holder (or the 

account holder agent) and a cryptographic operation performed by a digital 
apparatus, one way to let the account holder control tlie use of a cryptographic 
key is to store it on a hand held memory device in the card format, or in a format 
suitable for attachment on a key ring, or any odier small size format. Thus, the 
10 account holder is relieved from the obligation to control the access to a fixed 
apparatus like a computer system, or a luggage-size apparatus like a portable 
personal computer. When the hand-held memory device contains intrinsic data 
access control features, it falls into the smart card category. This usually requires 
a rudimentary microprocessor along with the memory device. With fiuther 
15 sophistication, a hand held electronic device may embed sufficient processing 
power and/or memory to be perform complete cryptograpiiic operations. In the 
latter case, the security is enhanced by avoiding the threat of malignant software 
modifications. The present invention facilitates the establishment of the secret 
key to be loaded on hand held devices where the prior art required the use of 
20 centralized key loading facilities, and/or secure transmission of secret keys using 
trusted courier services. The present invention may allow the avoidance of 
centralized smart card personalization operation. 

The centralized trust model typical of the financial industry is assimied by 
the United States regulatory envirorunent for consumer protection in the case of 
25 electronic fimd transfers. The field of the present invention is more specifically 
covered by EFTA, Electronic Fund Transfer Act, Title IX of the Customer 
Credit Protection Act, (15 U.S.C. §1601 et seq) and Regulation E: Electronic 
Fund Transfers, (12 C.F.R, §205) Section 205.5 which deals vsdth the issuance of 
access devices used for customer-initiated EFT. In some circumstances and 
30 according to these rules, a secret key (established with the help of cryptographic 
protocols) may fall under the legal definition of an access device. In such a case, 
a verification of the customer identity is prescribed as a condition for the final 
validation of the secret key for EFT transactions. An object of the present 
invention is to facilitate the issuance (of access devices) complying with the 
35 EFTA Regulation E or similar rules. 

A difficulty witli key management methods that require centralized 
configuration or personalization is the implied restrictions on the chaimels of 
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distributiott. For consumer electronics, computer products, and software devoid 
of security functions, a myriad of channels are possible: catalog sales, retail 
stores, large discounters, and the like, the list being endless. If an item (like an 
access device for an EFT service) has to be prepared for a specific customer by 
5 trusted personnel according to procedures dictated by a financial institution, the 
possible chaimels of distribution are very few, if any, besides courier shipment 
by the financial institution. US patent 5,557,679 is an attempt to use retail outlets 
for the distribution of subscriber identity modules (portable memories used for 
mobile telephone subscriber authentication). The present invention broadens the 
10 choices of acceptable chaimels of distribution for authentication devices. 

In US patent 5,557,679, secret keys are pre-established to secure a 
network of retail locations where the key loading operation is performed. There 
is no capability for the fiiUy distributed scenario where the target electronic 
devices are remotely located fi-om any (already) secured system. Secret key 
15 schemes that avoid the use of courier services in a fiilly distributed scenario are 
conceivable if the target electronic devices are akeady loaded with a common, 
fixed key "hidden by being included in the [device] programmable read only 
memory (PROM) at manufacturing level", as in US patent 5,539,824. Such a 
scheme is generally considered not so secure, except perhaps when offered by a 
20 very reputable supplier. 

The famous Diffie-Hellman cryptosystem described in US patent 
4,200,770, and the recent similar proposals found in US patents 5,583,939 and 
5,375,169 do not provide remote party authentication and secret key fireshness 
simultaneously. Indeed tlxe "public key" of a Diffie-Helhnan exchange is usually 
25 considered a short-lived cryptographic value, and the authentication potential of 
the Diffie-Hellman exchange is not used. For instance, US patent 5,020,105 
applies Diffie-Helhnan to the task of establishing a secret authentication key, but 
does not provide facilities for verification of account holder identity. Moreover, 
the processing load implied by the original DifQe-Hellman cryptosystem is large, 
30 while the security of the US patents 5,583,939 and 5,375,169 is questionable or 
uncertain. The recent article by Lein Ham, Digital signature for Diffie-Hellman 
keys without using a one-way function (in Electronics Letters, 16th January 1997, 
Vol 33, No 2, ppl25-126) discloses a noteworthy attempt at enhancing the 
Diffie-HeUman scheme with authentication properties. 
35 It is logical that the disclosure in US patent 4,771,461 stresses the need 

for data integrity in the key loading operation, and at the same time uses a public 
key ciyptosystem, RSA, witli a long-term public key assigned to die financial 
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institution. Tliis public key participates in the authentication of the financial 
institution to the benefit of the client-side of the secret key establishment. The 
security of this prior art depends on the unpredictability of the random number 
source on the client-side. The use of random sources for cryptographic key 

5 material has been recognized as a potential source of security flaws. 

Any scheme where the client-side of the session key establishment 
abready has a long term public key is likely to address a need different from the 
present invention, based on the premises of public key cryptography. US patent 
5,406,628 may be a good example. 

10 Last, but not least, is the disclosure by die present Applicant, of the 

Probabilistic Encryption Key Exchange (PEKE) cryptosystem in the Canadian 
patent application 2,156,780 (entitled ^/7/?arato and Method for Cryptographic 
System Users to Obtain a Jointly Determined, Secret, Shared, and Unique Bit 
String, filed on August 23, 1995, laid-open to the public on September 23, 

15 1995), in an article by Thierry Moreau, Probabilistic Encryption Key Exchange 
(in Electronics Letters, Vol. 31, number 25, 7th December 1995, pp 2166-2168), 
and in a technical report by Tliierry Moreau, Automated Data Protection for 
Telecommunications, Electronic Transactions and Messaging using PEKE 
Secret Key Exchange and Other Cryptographic Algorithms, Technology 

20 Licensing Opportunity (revision 1.1, CONNOTECH Experts-ConseUs Inc., 
Montreal, Canada, March 1996, with legal deposits in the National Library of 
Canada, where it was not available to the public before April 1997, and in the 
National Library of Quebec, where it was made available to the public some time 
between November 1996 and January 1997). The PEKE cryptosystem is based 

25 on the Blum-Goldwasser probabilistic encryption scheme explained in an article 
by Manuel Blum and Shafi Goldwasser, An Efficient Probabilistic Public-key 
Encryption Scheme which Hides All Partial Information (in Advances in 
Cryptology: Proceedings of Crypto*84, Springer-Verlag, 1985, pp 289-299). The 
PEKE cryptosystem has been disclosed so far for session key establishment with 

30 no facilities for the verification of identity. Indeed, transaction authentication 
using PEKE is suggested in the mentioned technical report by Thierry Moreau, 
but usiag a preset shared secret password as the basis for authentication, and 
PEKE for session key establishment. For the present invention, the PEKE 
cryptosystem is one of three alternate cryptosystems, the other two being 

35 conventional public key encryption (e.g. RSA, in US patent 4,405,829), and the 
Lein Ham's unprovement to the Diffie-Hellman key exchange in the mentioned 
article by Lein Ham. 
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The commonly used public key cryptosystems use arithmetic operations 
on large integers and especially the modulus (the remainder of an integer 
division). To make these computations relatively efficient, the use of the 
Montgomery modulo reduction algorithm is relatively known in the prior art, see 

5 die original article by Peter L. Montgomery, Modular Multiplication Without 
Trial Division (in Mathemetics of computations, Vol. 44, no. 170, April 1985, pp 
519-522). Two implementations are disclosed in tha article by Stephen R. Dusse 
and Burton S. Kaliski Jr., A Cryptographic Library for the Motorola DSP 5 6000 
(in Advances m Ciyptology, EurocTypt*90, Lecture Notes In Computer Science 

10 no. 473, pp 230-244, Springer- Verlag, 1990) and in the article by S. E. Eldridge 
and Colin D. Walter, Hardware Implementation of Montgomery's Modular 
Multiplication Algorithm (in IEEE Transactions on Computers, Vol. 46, no. 6, 
June 1993, pp 693-699). These two detailed accounts of the Montgomery 
algorithm implementation are targeted, respectively, at digital signal processors 

15 with peculiar instruction sets, and at dedicated integrated circmt design. 
Adaptations of this prior art are useful when the Montgomery algoridmi is 
implemented on a general purpose digital processor. 

Summary of the Invention 

20 According to the present invention, there is an "issuef *, that is a service 

organization that registers "applicants". For the issuer, it is reasonable and 
economically justified to maintain a computerized "database" of its customers, 
account holders, clients or subscribers, where this database contains sensitive 
information, and to train personnel, or "issuer agents", to provide customer 

25 services with a relevant degree of integrity and loyalty. The issuer database is 
secured using the known art of data processing security where a single 
organization may exert effective control of the system security. Typically, this 
will include cryptographic processing capabilities closely associated with the 
database m such a way that secret keys are not accessible to issuer persormel. At 

30 the same time, die issuer agents are typically provided with relevant customer 
data needed to respond to specific customer requests. The issuer agents typically 
access this data on a need-to-know basis through on-line terminals with 
controlled access to software functions, and with auditing to deter or sanction 
frauds that agents might conceive or commit. 

35 The present invention is an improved method for the establishment of a 

secret key shared in confidence between a digital memory possessed by- an 
applicant and the issuer database, where no prior secret is available from which 
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the desired secret key could be derived. The present irivention may obviously be 
used to establish a secret key when a choice is made to ignore any prior secret, 
e.g. due to a suspected security breach. 

The following table shows the preliminary steps needed for the present 

5 invention. The issuer arranges his own private/public key pair for a Public Key 
Cryptosystem (PKC) that is later used, ui any number of secret key 
establislunent instances, to protect a message transmission from the applicant's 
digital processor to the issuer data processing center where the issuer's private 
key may be used. At least three PKCs are acceptable: 1) conventional public key 

10 encryption, 2) the PEKE cryptosystem, and 3) the Lein Ham's improvement to 
the DifFie-Hellman key exchange. Each PKC has intrinsic properties that can 
lead to variations of the present invention. 



Issuer 


Distributor 


Applicant 


Set up private/ 
public key pair 
Package public 
key with applica- 
tion software 


Distribute software 

Distribute 
hardware 


Obtain application 

Obtain portable 
memory device 



15 The issuer also prepares some application software that embeds an 

"applicant registration program" and a copy of the issuer's public key. The 
applicant obtains a copy of this application software from any type of 
distribution channel because there is no customization required at this stage. The 
applicant also obtains a portable memory device if the secret key is to be stored 

20 on such a device, again from any type of distribution channel 

In an instance of secret key establishment, under the control of the 
applicant, the application registration program is executed by a digital processor. 
See the following table. This said program generates a secret key, preferably not 
arbitrarily but starting with one or more arbitrary numbers and then applying 

25 transformations mandated by tlie PKC in use and taking into account the issuar's 
public key, the said transformations preferably taking into account a first 
message according to the cryptosystem in use and issued by or on behalf of the 
issuer. Wlien die PKC in use is conventional public key encryption, diere is no 
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.9. 

first message. When the PKC in use is PEKE, the first message is the PEKE 
initiator's message and it may be issued by or on behalf of the issuer. When the 
PKC in use is the Lein Ham's improvement to the Diffie-HeUman key exchange, 
the first message must be issued by ttie issuer because it requires knowledge of 
5 the issuer's private key, and the transformations further include the abortion of 
the process upon the failure of a digital signature verification. 
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Once generated, part or all of this secret key is loaded into the portable 
10 memory device, if any, otherwise into a convenient digital memory area. 
Alternatively, it may be displayed to tlie applicant in human-readable form, in 
which case tlie applicant would presumably load this key into a separate 
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apparatus having its own memory. 

Another function of the applicant registration program is to accept secret 
inputs chosen by the applicant and typed on a keyboard. The secret inputs 
preferably include a pass query. The secret inputs include a pass reply. 
5 According to the spirit of the present invention, the applicant should be 
instructed not to disclose the pass reply to anyone but to an issuer agent who 
preferably would first pronounce the pass query. 

The main role of the PKC in use is to provide protections for 1) die 
generated secret key, 2) preferably the pass query, 3) the pass reply, and 4) 
10 optionally other data, during then- transmission to the issuer data processing 
center. A PKC alone can not conveniently provide all the required protections. 
Accordingly, a hybrid public/secret key cryptosystem is needed. The details of 
tills arrangement are influenced by die specific PKC in use m any embodiment 
of die present invention. The result of the hybrid public/secret key cryptosystem 
15 is put in a second massage sent to tiie issuer data processing center. 

At the issuer data processing center, die second message is received and 
tiien tiie algoriduns used for protection are reversed, notably using the issuer's 
private key. Upon failure of any verification, the process is aborted. Then the 
appUcant record m die issuer database is expanded to include 1) part or all of die 
20 generated secret key, 2) preferably die pass query, and 3) die pass reply. 

From tiien on, an issuer agent may be assigned die task of communicating 
widi die applicant to verify die appUcanf s identity. See die foUowing table. This 
communication should be two-way simultaneous like a telephone conversation 
or a personal visit to a branch of die issuer. The issuer data processing faciUties 
25 display, or odierwise make available in human understandable form, die 
information relevant to die verification of die applicant identity, namely some 
identification data, preferably die pass query, and die pass reply. During diis 
conversation, preferably die issuer agent pronounces die pass query, allowing die 
applicant to recognize die agent as being autiiorized to verify his identity. Then, 
30 die appUcant should pronounce die pass reply, while die issuer agent Ustens and 
verifies die pass reply. During dus conversation, die issuer agent generally 
verifies die appUcant identity. The data processing faciUties provide die agent 
widi an input mechanism, e.g. an input field on a computer screen, to enter die 
final acceptance or rejection of die registration. This causes a change in die 
35 status of die secret key in die issuer database. Tlie pass query and pass reply are 
not intended for fiirther use after diis verification of identity. 
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Issuer data processing 
center 


Issuer agent 


Applicant 


Communicate 


Establish realtime, 


Establish 


applicant's data 


2-way contact 


realtime, 


Communicate pass 


Pronounce pass query 


2-way contact 


query and pass reply 


Listen and verify reply 


Listen and verify 




Verify applicant's 


query 


Validate secrete key 


identity 


Pronounce pass 


registration 


Accept applicant's 


reply 




identify 


Answer questions 



Generally speaking, the present invention assists the development of 
mutual recognition relationships between the applicant and the issuer. Thus, an 

5 account of the trust relationships through the recommended use of the invention 
may help its xmderstanding. 

In a preferred embodiment of the present invention, the chain of 
recognition relationships starts with the appUcant receiving some software (e.g. 
in the form of an on-line banking software package, or in the form of firmware 

10 within an electronic wallet) that he may recognize as genuinely endorsed by the 
issuer, and that contains the public key of the issuer stored with proprietary or 
semi-proprietary data integrity algorithm. Stated differently, the applicant 
believes that some software package or security device is not bogus, presumably 
because of its look and feel. What he believes genuine contains the public key 

15 of the issuer. Some obscure method is used by what-he-believes-genuine to 
make sure no defi:auder pasted his own public key in place of the issuer's public 
key. 

When the applicant starts die applicant program, a new secret key is 
generated locally. Also, the applicant program gets input, from the appUcant, for 

20 two secret phrases used only for registration purposes, namely a "pass query"' 
(e.g. "Where did my father look when he was at the boarding school?") and a 
"pass reply" (e.g. "My first car was brown and rusty."), both of them being 
protected, along with the newly generated secret key. The issuer's public key is 
used as the starting point of the protection mechanism. The result is sent as the 

25 digital message from the applicant's digital processor to the issuer's data 
processing facilities. By keeping secret tlie pass query and pass reply, the 
applicant gets assurance diat tlie first person who can thereafter pronounce them 
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is an issuer agent; this level of assurance being proportional to the applicant's 
trust in the issuer operational integrity. The applicant should be given clear 
instructions to reveal the pass reply only to someone who just pronoimced the 
pass query. 

5 Upon receipt of the digital message from the applicant by the issuer, the 

issuer program may be executed witliin the issuer data processing facilities, 
where the private counterpart of die issuer's public key is available. As a result of 
the issuer program execution, the applicant record in the issuer database is 
updated with a fresh, yet to be validated secret key registration, and the pass 
10 query and pass reply. As yet another result of the issuer program execution, an 
issuer agent may, at any time thereafter, be assigned the task of validating the 
applicant's identity with a personal conversation. 

During the conversation between die applicant and an issuer agent 
according to the present invention, the present invention provides the issuer 
15 agent with the applicant information needed for the verification of identity, 
namely personal descriptive data (e.g. mother's maiden name and state of birth), 
pass query, and pass reply. The issuer agent should pronounce the pass query to 
the person he is speaking with, wait for this person to pronounce the pass reply. 
In case this verification fails, the present invention provides the issuer with 
20 means to flag the registration as being void. The issuer agent should give rapid 
warning to the legitimate applicant since in these circumstances an impostor 
could impersonate a user agent for this applicant. In the normal case where the 
pass reply verification is successfiil, and assuming that the appUcant did not 
reveal the pass reply to anyone, the issuer agent is assured that the person he is 
25 speakmg with is the one who entered die pass query and reply when the 
applicant's secret key was generated. Then die issuer agent should check that diis 
person knows, without unusual hesitation or imprecision, the descriptive data 
about the applicant. Tliis is the verification of identity diat bmds the applicant to 
the shared secret key established widi the cryptographic protocol. If the 
30 verification of identity is successful, die issuer agent is assured that the person he 
is speaking with is indeed the appUcant for who the secret key registration was 
awaiting validation in the issuer's database. The present invention thus provides 
the issuer agent witii means to flag die secret key registration as being accepted 
or validated. 

35 It is an object of die present invention to offer a remote secret key 

initialization and loading protocol witii sensible identity verification procedures. 
It is yet another object of die present invention to provide enhanced security in 
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view of the subtleties of attacks to cryptographic protocols and algorithms. It is 
yet another object of the present invention to provide cost-effective customer 
registration procedures for the deUvery of electronic transactions based on a 
secret authentication key. It is yet another object of the present invention to 
5 provide customer registration procedures faciUtating the use of alternate chaimels 
for the distribution of devices used for authentication. 

Brief Description of the Drawings 

The present invention will be better understood by way of the following 
10 detailed description of the invention with reference to the appended drawings, in 
which: 

Figure 1 is an overview block diagram illustrating the secret key 
establishment method and system according to the present invention; 

Figure 2 is a detailed block diagram illustating the applicant registration 
15 program according to the present invention; and 

Figure 3 is a detailed block diagram illustrating the reversed 
cryptographic processing done in the issuer data processing center according to 
the present invention, and the facilities provided by the present invention for 
verification of identity. 

20 

Detailed Description of the Invention 

Some operations required by the present invention are performed by 
digital processors. Such operations are hereafter called "controlled computer 
operation" but are nonetheless considered as acts of either the appUcant or die 

25 issuer. In practice, these operations are performed by a computer or other 
electronic apparatus under the control of either the applicant or the issuer. The 
degree of effective control on any computer operation may influence the security 
of the whole secret key establishment method as someone knowledgeable in the 
field of information system security will appreciate fi:om the following 

30 description. 

The inputs and outputs of controlled computer operations are often stored 
in digital memories. Then, again, uninterrupted possession and/or control over 
the use of these digital memories may influence the security of the whole secret 
key estabUshment method. When a digital memory is physically protected 
35 against unauthorized reading or modification, it becomes a "physically secure 
memory". 

It is well known in the field of cryptography and information security how 
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a legitimate user reverses a given cryptographic function from the knowledge of 
the appropriate keys. Thus, the disclosure of the present invention does not 
require the same level of detail for the reversal of a cryptographic function as for 
the function itself. 

5 A public key cryptosystem (PKC) is at the heart of the proposed secret 

key establishment method. There are three possible PKC, namely 1) any Public 
Key Encryption (PK-Encr) schemes, 2) the Probabilistic Encryption Key 
Exchange (PEKE), and 3) the Diffie-Hellman scheme as improved by Lein Ham 
(DH-Hara). For the PK-Encr case, the prior art is mature for a number of 

10 practical alternatives, notably RSA. For PEKE and DH-Ham, the prior art needs 
some precision for use in the present invention. PEKE is used in the preferred 
embodiment; provisions are made to exploit its efficiency as a public key 
cryptosystem for the applicant. The following "PKC specification table" portrays 
the use of each PKC in the present invention. For PK-Encr, the RSA 

15 cryptosystem is used as an example in the PKC specification table. For PEKE 
and DH-Ham, the PKC specification table and the rest of the narrative 
specification are mutually agreeing. The mathematical notation for each PKC is 
independent from each other (e.g. the symbol "e" for PEKE bears no relation to 
the symbol number "e" for DH-Ham). As with most public key cryptosystems, 

20 all computations are made with integer arithmetic, and often with very large 
operands. The usual known art of algorithmic number theory is imphed. The 
symbol "|" represents concatenation of k-bit strings, and tacitly specifies a 
conversion from integer to bit string. Any of the following symbols should be 
read as if it was a one-letter symbol: xA->B, xB, alpha, beta, mu, and nu. 
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RSA (PK-Encr) 


PEKE 


DH-Harn 


Public key 


N=PxQ, e 


N=PxQ 


y=a'^x mod p 


Private key 


P, Q, d, where 
P and Q are 
large random 
primes, and 
dxe mod 
(P.1)(Q-1)=1 


P, Q, where P 
and Q are large 
random primes 
congruent to 3 
modulo 4 
(note 1) 


random x, x<p 


Other para- 
meters 


none 


S, C, k, t, where 

0<CxS<N, 

k<ln(N)/ln(2) 


p, a, where p is 
a large prime 
number and a is 
a "generator" 


First 

message 


none 


random Xa.>b- 
where Xa.>b<C 


r, s, where 
r=a'^k mod p 
from private 
random k, s 
from signature 
equation (note 5) 


Verification 
of first 
message 


n/a 


none 


Signature verifi- 
cation equation 
(note 5) 


Internal 
secret key 


Secret random 
number k 


w=B * 'B 
from secret 
random Xg,, 
where Xb,<N/C 
(note 2) 


r'^e mod p, 
from private 
random e 


Length of 
internal key 


<ln(N)/In(2) 


kxt 


ln(p)/ln(2) 


Second 
message 


c=k^e mod N 




i^a^e mod p 


Verification 
of second 
message 


none 


(note 3) 


none 


Recovery of 
internal 
secret key 


k=c'^d mod N 


W=B,1B,!.„1B,.,. 
from secret , 
(note 4) 


f ^k mod p 
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Table 4: The PKC specification table. 

Note 1: Preferably perform the pre-computation of integers a and b such that 
5 axP+bxQ=l, and aIpha=((P+l)/4/^"''^^ mod (P-1), and 

beta=((Q+l)/4)^*"*'^^ mod (Q-1). 

Note 2: Compute x=(xB-(xB mod S))xC+xA->BxS+(xB mod S), xo=x mod N, 
xi+i=xi^ mod N, where i runs from 0 to t-1, and Bi=xi mod 2*^, where i runs 
from 0 to t-1. 

10 Note 3: Compute mu=(xt mod P)*'P*** mod P, nu=(xt mod Q)°**" mod Q, 
e=(bxQxinu+axPxnu) mod N, f^xQx(p.mu)+axPxnu) mod N, 

g=<bxQxmu+axPx(Q.nu)) mod N, h=(bxQx(p.mu)+axPx(Q.nu)) mod N, 
and then verify that one of e, f, g, or h satisfies 
xA->BxS=(? mod (SxCj)-(? mod S). 

15 Note 4: Compute xo=e mod N, xi+i=xi^ mod N, where i runs from 0 to t-1, 
and Bi=xi mod 2**, where i runs from 0 to t-1. 

Note 5: Lein Ham proposes four possible equation pairs for signature 
generation/verification, as indicated below: 





Signature Generation 


Signature Verification 


(1) 


rxx=k+s mod (p-1) 


y'^r^rxa'^s mod p 


(2) 


sxx=k+r mod (p-1) 


y'^s=rxa'^r mod p 


(3) 


x=rxk+s mod (p-1) 


y=r'^rxa'^s mod p 


(4) 


x=sxk+r mod (p-1) 


y^r'^sxa'^r mod p 



20 

In the preparation for later secret key establishment instances, the issuer 
gets a private/public key pair for itself, according to the PKC in use. See the 
PKC specification table under the row headings "Public key" and "Private key". 
25 This is a controlled computer operation. The issuer makes the issuer private key 
205 available ia the issuer data processing center 300 with the usual security 
precautions to prevent disclosure or unauthorized use. 

Still m the preparation for later secret key establishment instances, tiie 
issuer prepares a set of parameters to be used in controlled computer operations 
30 by the applicant, hi all cases, the issuer public key is part of this set of 
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parameters. This set of parameters also includes the elements listed under tihe 
under the row heading "Other parameters" in the PKC specification table. This 
set of parameters may also include identification data for the issuer, like the 
electronic mail address where the secret key registration should be sent, 
5 In the preferred embodunent, this set of parameters includes additional 

data for the PEKE cryptosystem intended to reduce the computation load for the 
controlled computer operations by tlie applicant. Tliis includes the numbers S 
and C, but the numbers S and C could be part of die fu-st message 103 instead. 
Still in die preparation for later secret key establishment instances, the 
10 issuer preferably transforms this set of parameters, where this transformation 
includes controlled computer operations that protect the integrity of part or all of 
this set of parameters, and at least die issuer public key. In the preferred 
embodiment, the mentioned transformation is encryption and sealing widi a 
Frogbit semi-proprietary algorithm using a secret key of the issuer. The Frogbit 
15 semi-proprietary algorithm is specified in Canadian Patent AppUcation Serial 
No. 2,177,622 published on November 30, 1997. The transformation may use 
other proprietary schemes, 

Altematively, the transformation may include affixing a digital signature 
generated with a private key for digital signature. This private key for digital 
20 signature is either die issuer's, or a certification authority's, and correspondingly 
the digital signature generation is a controlled computer operation respectively 
by the issuer, or by this certification autiiority. As is known firom the prior art, a 
chain of security certificates may be used, in which case security certificates may 
be an integral part of the result of the transformation. Note that with digital 
25 signatures, the Frogbit or a proprietary algorithm may still be used to protect the 
integrity of a certification authority public key. Whenever the mentioned 
transformation is used, its result is shown as "sealed public key" 203 in die 
figures. 

Still in the preparation for later secret key establishment instances, die 
30 issuer prepares an executable computer program comprising at least the applicant 
registration program 100. If the mentioned transformation was not used, the 
applicant registration program 100 is compatible with the set of parameters. If 
die mentioned transformation was used, the applicant registration program 100 is 
compatible with the sealed public key 203 and it includes die integrity 
35 mechanism 107 that is the programmed reversal of die transformation. If the 
transformation uses Frogbit semi-proprietary algorithm or other propriety 
algoridun, Uie preparation of tiiis executable program is a controlled computer 
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operation by the issuer because a secret algorithm and a secret key of the issuer 
must be embedded in the executable program. In the preferred embodiment, the 
executable program comprises substantially more application code than just the 
application registration program 100, so its look and feel would be difficult to 
5 reproduce by a defrauder. The executable program may be embedded in an 
electronic apparatus like a POS terminal instead of being run by a general 
purpose computer. In the preferred embodiment, the executable program is run 
by a general purpose computer and the sealed public key 203 is stored in a 
computer file separate from the executable file. 
10 In preparation for later secret key establishment mstances, the applicant 

has or obtains a copy of an executable program comprising the applicant 
registration program 100, a copy of the sealed public key 203, and a portable 
memory device 102. These items may take several forms, and may be combined 
depending on the variations of the invention. The "portable" memory device 102 
15 is any memory suitable for a given application, including a plurality of memories 
if key-spUtting is used. In the preferred embodiment, the portable memory device 
is any very simple small memory device which can be temporarily connected to 
a personal computer using an inexpensive connector, for example the Dallas 
Semiconductor DS1992 IK-Bit Touch Memory"button", featuring 1024 bits of 
20 non-volatile read/write memory plus a 48 bit unique read-only serial number, m 
a corn-size metal casing that can be attached to a key ring. The reader/coimector 
is part number DS9092GT which connects the Touch Memory to a serial port of 
the personal computer. 

Some variants of the secret key establishment process use a first message 
25 103. This is mainly dependent on the PKC in use. See the PKC specification 
table under the row heading "First message". When a first message 103 is used, 
its generation is the first step of an instance of secret key establishment. With the 
DH-Ham cryptosystem, a first message 103 is used and its generation is a 
controlled computer operation by die issuer because the knowledge of the issuer 
30 private key is required. With the PEKE cryptosystem, there is a first message 
103 that may be generated by the issuer or by another party. With the preferred 
embodiment, the first message 103 is generated by the issuer or by another party, 
but not by the appUcant. With die PK-Encr cryptosystem, there is no first 
message 103. With PEKE, the first message 103 may include the numbers S and 
35 C if they were not included in the set of parameters as in the case of the 
preferred embodiment. When PEKE is used in the present invention, "the 
generation of first message 103 may be assigned to the applicant registration 
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program 100, in which case there is obviously no transmission of the first 

message 103 to the applicant registration program 100. 

If PEKE is used in the present invention and if the generation of the first 

message 103 is not done by the issuer, the issuer must somehow receive its 
5 contents. One possible arrangement is to let the applicant registration program 

100 include the contents of the first message 103 in tiie second message 104. 

This is done in the preferred embodiment, in which case the generating party 

affixes reference numbers to first messages 103 and keeps a log of the first 

messages 103. This allows the issuer to audit the generation of first messages 
10 103. 

The rationale behind the use of a first message 103 is related to subtie 
weaknesses in cryptographic protocols and their implementations. For instance, 
if the issuer does not trust the applicant's processor random source 105, PK-Encr 
should be avoided. With DH-Ham, a passive eavesdropper to the secret key 

15 exchange could notice a failure of the applicant's processor random source where 
the random output would turn out to be constant among a number of instances of 
secret key exchange. With PEKE, this is not an issue. The issuer may use 
discipline in the way first messages 103 are generated to ensure absolute 
tmiqueness or freshness of the secret key generated by instances of the secret key 

20 exchange. For uniqueness, the issuer should tag each first message 103 with a 
serial number and make sure any serial number is used only once. For fireshness, 
the issuer should keep a record of creation times for first messages 103 and reject 
older ones. In the preferred embodiment, die appUcant registration program 100 
is trusted to timely request a first message 103 on each instance of secret key 

25 exchange, and to discard it once used. Also in the preferred embodiment, a 
system with a trusted random source may generate first messages 103; and no 
specific tracking of fixst messages 103 is needed. With PEKE, the presence of 
the number xA->B protects the issuer against "chosen ciphertext attacks" known 
in the prior art, even if the generation of first message 103 is not done by the 

30 issuer. 

The present invention may be practiced with the first message 103 being 
prepared upon request by an applicant, and including data specific to this 
applicant. Although this may enhance the security of the applicant registration 
process, it may also increase the administrative workload for the issuer. 
35 An instance of secret key exchange starts with the receipt of the first 

message 103, if any, and may proceed with die other steps of the applicant 
registi-ation program 100 whenever triggered by tlie applicant. The execution of 
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the other steps of the applicant registratioa program 100 is a controlled computer 
operation by the applicant It is the applicant's digital processor that executes the 
applicant registration program 100. 

An instance of secret key exchange includes, as part of the applicant 

5 registration program 100, the application of integrity mechanism 107 to recover 
public key 204 from sealed public key 203. This is the reversal of the said 
transfonnation that resulted in the "sealed public key*' 203, As a consequence of 
this application of integrity mechanism 107, the applicant registration program 
100 may abort the instance of secret key exchange. In cases where the integrity 

10 mechanism 107 is not used, the public key 204 is directly available to the 
applicant registration program 100 as part of the said set of parameters. 

In the case of DH-Ham, an instance of secret key exchange includes, as 
part of the applicant registration program 100, the verification of the Lein Ham 
intriguing digital signature, that is the verification that the numbers s and r from 

15 the first message 103 satisfy the appropriate verification equation. See the PKC 
specification table under the row heading "Verification of first message". 

An instance of secret key exchange also includes, as part of the appUcant 
registration program 100, the receipt of two inputs, respectively pass query 206 
and pass reply 209, through keyboard input device 101. According to the spirit 

20 of the present invention, the applicant should choose unique and unrelated secret 
phrases for these two inputs. Without departing from the spirit of the present 
invention, the pass query 206 and pass reply 209 can be displayed by the 
applicant registration program 100 instead of being input from the input device 
101. Then, randonmess and secrecy should surround the generation of the pass 

25 query 206 and pass reply 209, to ensure a logical bind or link between this 
instance of secret key exchange and the displayed values for pass query 206 and 
pass reply 209. 

An instance of secret key exchange also includes, as part of the hybrid 
public/secret key cryptographic processing 106, the local generation of an 

30 internal secret key according to the PKC in use. The random source 105 is used 
to generate at least one secret or private random number. See the PKC 
specification table under the row headings "Internal secret key" and "Length of 
intemal key. With PK-Encr, the random source 105 directiy produces the 
internal secret key. With DH-Ham, the random source 105 produces a private 

35 random number e and the said intemal secret key is computed as mod p. With 
PEKE, die random source 105 produces tlie secret random number xB, and the 
intemal secret key is computed from xB, xA->B, S, C, N, t, and k. In the 
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prefened embodiment, the size of the public key number N is 768 bits and the 
number k is about 1/3 of that size, hence k=256. 

The preferred embodiment for the random source 105 includes some 
pseudo-random number generator (PRNG) with state information. The said 
5 PRNG state information is stored on a computer hard disk, protected with the 
Frogbit data integrity algorithm, and varied (using available truly random data) 
both before and after the random source 105 usage in an instance of secret key 
exchange. 

Still according to the PKC in use and as part of the hybrid public/secret 
10 key cryptographic processing 106, the applicant's digital processor prepares some 
components of the second message 104. See the PKC specification table under 
the row heading "Second message". With PK-Encr, this second message is the 
public key encryption of the internal secret key, using public key 204, the 
ciphertext being included in the second message 104. With DH-Ham, this is the 
15 computation of a number f=a^ mod p where a and p were part of the set of 
parameters, according to the known art of the Diffie-Hellman cryptosystem, the 
number f being included in the second message 104. There is no signature 
generation from the applicant's digital processor; in other words the Lein Ham's 
improvement to the Diffie-Helknan cryptosystem is applied only for the issuer. 
20 As is well known in the prior art, the components of the second message 104 
prepared in this way allow the issuer data processing center 300 to recover the 
intemal secret key while protecting it from adversaries even if they can 
eavesdrop on the set of parameters, first message 103, and second message 104. 
Without departing from the spirit of the present invention, other PKCs 
25 may be used for the local generation of the intemal secret key. A likely candidate 
is any PKC that is a secret key establishment cryptosystem using a public key 
204. For instance, the original DifBe-Hellman cryptosystem can be used directly 
with the same public key as for the DH-Ham improvement, in which case the 
intemal secret key is computed as mod p, where e is generated by the random 
30 source 105, and y and p were part of the set of parameters. 

According to the spirit of the present invention, another possible 
arrangement to obtain the intemal secret key would rely oh a public/private key 
pair of the applicant Aat would not require certification as in the prior art public 
key cryptography. The presence of this said public/private key pair of the 
35 applicant would make the random source 105 unnecessary. In this alternate 
scheme, the issuer public key 204 would be like in the PK-Encr case. The public 
component of tlie public/private key pair of tiie applicant would be encrypted 
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using the issuer public key 204, and then transmitted to the issuer data 
processing centre 300 where it would be decrypted using the issuer private key 
205. Still in the issuer data processing centre 300, the function of the random 
source 105 would be performed, thus generating the internal secret key as if done 
5 by the appUcant registration program 100 in the PK-Encr case. The internal 
secret key would then be encrypted using the public component of the 
public/private key pair of the appUcant. Tlie enciypted internal secret key would 
be sent back to the applicant registration program 100 where the knowledge of 
the private component of the public/private key pair of the applicant would allow 
10 the decryption of internal secret key. It should be clear to one skilled in the art 
that the confidentiality of the internal secret key is preserved if this instance of 
secret key estabUshment is thereafter successfully completed, as long as the 
private component of the said public/private key pair of the appUcant remains 
undisclosed, despite the fact that the issuer has no a-priori knowledge of the said 
15 pubUc component of the said pubUc/private key pair of the appUcant. 

Still according to the PKC in use and as part of the hybrid pubUc/secret 
key cryptographic processing 106, the appUcant's digital processor derives the 
secret key 201 from part or all of the said internal secret key. This derivation 
may use any unambiguous specification, as long as it uses no input that is not 
20 shared with the issuer data processing center 300. For instance, a pseudo-random 
generator can be used as an "expander of randomness" if the secret key 201 is 
very large. In the preferred embodiment, the secret key 201 is simply a part of 
the said internal secret key distinct from the two parts used respectively for the 
MAC and the DES encryption. 
25 An instance of secret key exchange includes, as part of the hybrid 

pubUc/secret key cryptographic processing 106, the cryptographic protection of 
pass query 206, pass reply 209, and possibly other data 108. This other data 108 
may include a serial number of the portable memory device 102, the appUcant 
name, a conventional PIN (that is a secret PIN known by the appUcant and stored 
30 in tiie issuer database) chisen by the appUcant at the time of secret key 
estabUshment, and the Uke. This cryptographic protection is done with secret key 
cryptographic algorithms, possibly with the help of key-less hash functions. This 
ciyptographic protection uses part or all of the said internal secret key. For the 
pass query 206 and the pass reply 209, this cryptographic protection is 
35 confidentiality and data integrity protection. For the other data 108, this 
cryptographic protection may be what is deserved by a particular appUcation. 
The result of this cryptograpliic protection is some ciphertext, and possibly some 
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cleartext along with message authentication code, that goes into second message 
104. 

In the preferred embodiment, the cryptographic protection starts with the 
computation of a Message Authentication Code (MAC) of the pass query 206, 

5 the pass reply 209, and the other data 108 if any, using CBC-MAC with the DES 
algorithm, and using a first part of the said internal secret key. Then, DES 
encryption with the CBC mode of operation is applied to the pass query 206, the 
pass reply 209, and any portion of the other data 108 that deserves 
confidentiality protection, using another part of the said internal secret key. 

10 Thus, the data elements that go into second message 104 as a result of the 
cryptographic protection are 1) the ciphertext representation of the encrypted 
data, 2) the un-encrypted portion, if any, of the other data 108, and 3) the 
calculated MAC. 

An instance of secret key exchange also includes, as part of the applicant 

15 registration program 100, the loading of the secret key 201 into the portable 
memory device 102. This is done by key loader 109 that is any interface, 
connector, smartcard reader apparatus, operating system software driver needed 
to write data to the actual memory device in use. The key loader 109 may 
encompass intrinsic security fimctions such as requesting a PIN to imlock a 

20 smart card, or the key-splitting of secret key 201 into two or more parts. 

In the preferred embodiment, the key loader 109 splits the secret key 201 
into three parts as follows: the key loader 109 accepts a local applicant's PIN 
(that is not stored in the issuer database) through the keyboard input device 101, 
the first component is calculated as kl=hash(PIN) where "hash" is a key-less 

25 hash fimction; the key loader gets a component k2 firom the random source 105; 
the third component is computed as k3=secret_key XOR kl XOR k2 where 
secret^key is the secret key 201 and XOR is the exclusive-or operation. The key 
loader 109 loads the key component k2 into a Dallas Semiconductor DS1992 
memory; and loads the key component k3 into a computer file on the local hard 

30 disk. This gives three-factor security: access to the secret key 201 requires 1) 
knowledge of the said local applicant's PIN, 2) access to the said Dallas 
Semiconductor DS1992 memory, and 3) access to the said computer file. 

An instance of secret key exchange also includes, as part of the applicant 
registration program 100, the sending of second message 104 to the issuer data 

35 processing center 300, through any ordinary data communications network. Once 
the second message 104 is received in the issuer data processing center 300, the 
reversed cryptograpliic processing 306 may be executed for the instance of secret 
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key exchange characterized by the particular second message 104. The reversed 
cryptographic processing 306 is essentially the reversal of the hybrid 
public/secret key cryptographic processing 106. Even if it is a controlled 
computer operation by the issuer, it can be executed with minimal operator 
5 supervision, e.g. as an automated processing upon receipt of an e-mail message 
containing second message 104. 

An instance of secret key exchange so includes, as part of the reversed 
cryptographic processing 306, the reversal of the PKC in use, starting with the 
private key 205 and recovering the value of the said internal secret key. In the 
10 case of PEKE, it is possible for this instance of the secret key exchange to be 
aborted as a consequence of a suspected security breach detected during the 
reversal of the PKC in use. See the PKC specification table under the row 
heading "Verification of second message". With PK-Encr, the reversal of the 
PKC in use is the public key decryption of the ciphertext found in second 
15 message 104. Otherwise, see tlie PKC specification table under the row heading 
"Recovery of internal secret key". 

From the said internal secret key, the reversed cryptographic processing 
306 derives the secret key 202, using the same procedures as the hybrid 
public/secret key cryptographic processing 106. The recovered secret key 202 is 
20 stored in the issuer database 303. The secret key status 305 is set to indicate that 
the verification of applicant's identity is yet to be done. 

From the said internal secret key, the reversed cryptographic processing 
306 moreover reverses the cryptographic protections initially appUed to pass 
query 206, pass reply 209, and possibly other data 108. It is possible for this 
25 instance of the secret key exchange to be aborted as a consequence of a 
suspected security breach detected in this reversal operation. The recovered and 
verified pass query 207 and pass reply 210 are stored m the issuer database 303. 

Once the reversed cryptographic processing 306 is complete, the task of 
verifying the issuer's identity may be undertaken by an issuer's agent. To this 
30 end, a display means 301 provides the issuer's agent with the human readable 
form of the query 208, the human readable form of the reply 211, and some 
relevant appUcant identification data. The display means 301 can be a computer 
screen or a printer. The issuer agent is also provided with an input means 302, 
possibly with visual feedback 304, with which the issuer agent may input a 
3 5 signal to update the secret key status 305. The said update of the key status 305 
may indicate the successfiil verification of applicant's identity, and 
correspondingly tlie completion of this instance of secret key exchange according 
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to the present inventioii. The said update of the key status 305 may indicate the 
failure of this instance of secret key exchange. Since the verification of identity 
is critical for the bind between the secret key 202 and the applicant, the known 
art of data processing security should be applied to the provision of the human 
5 readable form of the query 208, the provision of the human readable form of the 
reply 211, and the acceptance of said update of the key status 305 through input 
means 302. 

For some uses of the present invention, the computation load of public 
key cryptography may be a critical design issue, especially if the applicant's 
10 digital processor is a low power electronic device. When the PKC is PEKE, the 
prior art of Montgomery reduction may be applied advantageously in this 
respect. In this contemplated variant of the present invention, the applicant's 
processor would do the "modular reduction" operations "mod N" (and 
respectively "mod S") with the Montgomery algorithm described hereafter. This 
15 requires the pre-computation of some values, to be stored by the issuer in the 
said set of parameters. Let b be the natural computer word size of the applicant's 
processor, and n be such that bn>N (and respectively s such that b^>S). The 
values to be pre-computed are b^" mod N (and respectively b^* mod S) and also 
No' (and respectively So') to be specified hereafter. Another advantageous 
20 change is to replace the PEKE equation B|=ximod2k by 
Bi=((xix(bn)) mod N) mod 2^ the latter bemg more quickly computed by the 
Montgomery algorithm. 

Montgomery multipUcation, in the multiple precision case as m the 
present mvention, allows fast modular arithmetic for a modulus N relative^ 
25 prime to b", where b">N, and arithmetic modulo b is easy (e.g. 2 <N<2 

N is odd, b=28, n=96, so b"=2'^^*). Let B=b" (not to be confused with Bi, a 
notation proper to the PEKE specification). Given T satisfying 0<=T<=BxN, the 
Montgomery reduction algorithm efficiently computes Tx(B'^)modN. Our 
focus is the modular multiplication, so let T=x'xy' where x'=xxB mod N and 
30 y'=yxB mod N; then the Montgomery reduStion algorithm efficiently computes 
x'xy'x(B'^) mod N=xxyxB mod N. 

Let us use the notation Mn,B(X,Y) for the result of XxYx(B"^) mod N, 
using the Montgomery reduction algorithm. Then 
xxyxB mod N=Mn,B(xxB mod N,yxB mod N). To convert an integer x, 
35 0<=x<N, into xxB mod N, compute Mn,B(x,B^ mod N). The value B^ mod N 
should be pre-computed once and for all; tliis must be done with a general 
purpose division operation. To recover x fi:om xxBmodN, compute 
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MN,B(x^B mod N,l). There are two routes to complete a single modular 
multipUcation: MN3(MN,B(x.y),B^ mod N)=xxy mod N, or by pre-computing 
x'=MN^(x,B^ mod N) and y'=MN^(y,B^ mod N), and then 
MN,B(MN,B(x'»y')»l)=xxy mod N. Whenever a series of multipUcations is 
5 performed on a same set of inputs or intermediate results, the latter route is more 
efficient. This is the case of the PEJCE cryptosystem whenever the PEKE 
parameter t is greater than 1. Moreover, if the PEKE equation is changed as 
suggested above, the PEBCE cryptosystem can be restated as 
x'=MN,B(x,b2 mod N), xo'=Mn,B(x',x'), x|+l'=MN,B(xr,xi'). and 

10 Bi=xi' mod 2*^ . 

Now, die internals of the multiprecision Montgomery multiplication 
algorithm may be stated. There is a need for the value of integer N' such that 
Bx(B"^)-NxN'=1, where Bx(B"b mod N=l. Actually, only the least significant 
part of N' is needed, hence the definition Nq-N' mod b. We reproduce below 

15 the simple algorithm from the said article by Dusse and Kahski to efficiently find 
No' from No and b, when b is an exact power of two. Obviously, No' can be 
computed once and for all. 

modularJnverse(N,b) 

Let k be such that b=2\ 
t:= 1; 

for i'e-2 to k do 

if (NoXt mod 2)>2'-' 

return b-t; ^ 



20 In the multiprecision Montgomery multiplication algorithm that follows, 

capital letters are multi-precision variables. The indices are as expected for 
natural integers, e.g. No is the least significant part of N. The algorithm is an 
application of die convolution-sum method for the multipUcation. The variable c 
is an accumolator w6th sufficient capacity for a sum of products and multiple 

25 carry bits from the additions (up to 2n of them). 
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MM.b.n(X.Y) 

No' := b-(No--' mod b); 
c := 0; 

for k«-0 to n-1 do 

c:= c+Zo^i<k(XiXY,,+QiXNJ; 

c := c + X„xYo; 

Q„ := cxNq' mod b; 

0 := c +QkXNo; 

c := c/b; 
for k*-0 to n-1 do 

c := c+E K<i<n(X,xY„,,,+Q,xN„^J; 
:= c mod b; 

c := Lc/bJ: 

Rn:= c: 
if R>N then 

R := R-N; 
return R; 



The variable Rn is actually a local storage area of this algorithm (like Q 
and lower case variables). Consequently, the storage requirement for R is the 
5 same as for X and Y. Moreover, if X and Y are the same variable, as in the 
modular squaring operation of the PEKE cryptosystem, the storage for X, Y, and 
R can be the same. 



wo 98/52316 



PCT/CA98/00431 



-28- 

CLAIMS 

1. A method of establishing a secret cryptographic key shared 
between an applicant and an issuer comprising the steps of: 

providing said applicant with a registration computer program 
means, said registration computer program means having a public key of said 
issuer and public key encryption capability; 

generating said secret key using at least some random information 

at an applicant end; 

generating a pass reply message using at least some arbitrary 

information at said applicant end; 

encrypting said secret key and said pass reply using said public key 
to form at least one encryption message, said message including information 
allowing said issuer to identify said applicant; 

sending said enciyption message to said issuer by 

telecommunications means; 

decrypting said encryption message at an issuer end to retrieve said 
secret key and said pass reply using a private key of said issuer; 

receiving a communication from said applicant at said issuer end 
separate from said encryption message over a channel which said issuer believes 
to be genuinely from said applicant, said communication containing said pass 

reply' 

confirming a validity of said secret key at least with said issuer if 
said pass reply received during said communication matches said pass reply 
decrypted, whereby said secret key may be confirmed for use in £utin:e 
transactions. 

2. Tlie method according to claim 1, wherein said step of confirming 
comprises displaying said pass reply decrypted to an agent at said issuer end. 

3. The method according to claim 1 or 2, wherein said step of 
receiving a communication from said applicant comprises establishing telephonic 
communication with an agent at said issuer end and said applicant. 

4. The method according to claim 3, further comprising a step of 
generating a pass query, wherein said step of encrypting comprises encrypting 
said pass query, said step of decrypting comprises decrypting said pass query, 



[ 
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and further comprising a step of communicating said pass query to said applicant 
from said issuer end prior to receiving said pass reply in said communication, 
whereby said appUcant is reassured that said issuer is genuine as a result of 
hearing said pass query, and feels safe to proceed with giving said pass reply. 

5. The method according to claim 4, wherein said step of 
communicating comprises displaying said pass query decrypted to said agent. 

6. The method according to claim 3, 4 or 5, wherein said agent is 
provided with some personal indentification information about said appUcant, 
said step of confirming further comprismg said agent asking a personal 
identification question to said applicant and listening for a correct response. 

7. The method according to one of claims 1 to 6, wherein said pass 
reply is input by said applicant. 

8. The method according to one of claims 1 to 6, wherein said pass 
reply is displayed to said applicant 

9. The method according to one of claims 1 to 8, further comprising a 
step of selecting a personal identification number (PIN) for said applicant, 
wherein said step of encrypting further comprises encrypting said PIN, said step 
of decrypting further comprises decrypting said PIN, said PIN being stored at 
said issuer end for use in verification of future transactions. 

10. The method according to one of claims 1 to 9, wherein said 
applicant possesses a smart card device and uses a smart card device interface 
connected to said program means, said secret key being loaded into said smart 
card device. 

11. A method of applying for approval of a secret cryptographic key to 
be shared between an applicant and an issuer comprising the steps of: 

obtaining a registration computer program means, said registration 
computer program means having a public key of said issuer and public key 
encryption capability; 

generating said secret key using at least some random information; 

generating a pass reply message using at least some arbitrary 
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information; 

eaciypting said secret key and said pass reply using said public key 
to form at least one encryption message, said message including information 
allowing said issuer to identify said applicant; 

sending said encryption message to said issuer by 
telecommunications means; 

communicating said pass reply to said issuer end separately from 
said encryption message over a channel which said issuer beUeves to be 
genuinely from said applicant, said communication containing said pass reply. 

12. The method according to claun 11, wherein said applicant 
possesses a smart card device and uses a smart card device interface connected 
to said program means, said secret key being loaded into said smart card device. 

13. A method of approving a secret cryptographic key to be shared 
between an applicant and an issuer comprising the steps of: 

receiving at least one encryption message from said applicant by 
telecommunications means, said message including an encryption of a secret key 
and a pass reply using public key encryption with a pubUc key of said issuer, 
said message including information aUowing said issuer to identify said 
applicant;; 

decrypting said encryption message to retrieve said secret key and 
said pass reply using a private key of said issuer; 

receiving a communication from said applicant separate from said 
encryption message over a channel which said issuer believes to be genuinely 
from said applicant, said communication containing said pass reply; 

confirming a validity of said secret key at least with said issuer if 
said pass reply received during said communication matches said pass reply 
decrypted, whereby said secret key may be confirmed for use in future 
transactions. 

14. A system for establishing a secret cryptographic key shared 
between an applicant and an issuer comprising: 

applicant registration means having a public key of said issuer and 
public key encryption capability for generating said secret key using at least 
some random information at an applicant end, for generating a pass reply 
message using at least some arbitraiy information at said applicant end, and for 
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encrypting said secret key and said pass reply using said public key to form at 
least one encryption message, said message including information allowing said 
issuer to identify said applicant; 

means for sending said encryption message to said issuer by 
telecommunications means; 

means for decrypting said encryption message at an issuer end to 
retrieve said secret key and said pass reply using a private key of said issuer; 

means for receiving a conamunication from said applicant at said 
issuer end separate from said encryption message over a channel which said 
issuer believes to be genuinely from said applicant, said communication 
containing said pass reply; 

means for confirming a validity of said secret key at least with said 
issuer if said pass reply received during said communication matches said pass 
reply decrypted, whereby said secret key may be confirmed for use in future 
transactions. 
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